syslog-ng documentation

Your main source of knowledge

The syslog-ng product family has an extensive documentation, covering everything from how to install a product to the most complex configuration and settings descriptions. If you cannot find an answer to your question, try the mailing list - our community is always eager to help.

syslog-ng Open Source Edition

Contents

11.2.7.1. Procedure – How conditional rewriting works

Purpose: 

The following procedure summarizes how conditional rewrite rules (rewrite rules that have the condition() parameter set) work. The following configuration snippet is used to illustrate the procedure:

rewrite r_rewrite_set{set("myhost", value("HOST") condition(program("myapplication")));};
log {
    source(s1);
    rewrite(r_rewrite_set);
    destination(d1);};

Steps: 

  1. The log path receives a message from the source (s1).

  2. The rewrite rule (r_rewrite_set) evaluates the condition. If the message matches the condition (the PROGRAM field of the message is "myapplication"), syslog-ng OSE rewrites the log message (sets the value of the HOST field to "myhost"), otherwise it is not modified.

  3. The next element of the log path processes the message (d1).